APPARATUS, SYSTEM, AND METHOD FOR COMMUNICATING TO
A NETWORK THROUGH A VIRTUAL DOMAIN

SCOPE OF THE INVENTION

This invention relates generally to networks and
network systems, and more specifically to a system and
method for enabling anonymous network activity, while
establishing virtual namespaces for clients.

BACKGROUND

The proliferation and expansion of computer systems,
networks, databases, the Internet, and particularly the
World Wide Web (WWW), has resulted in a vast and diverse
collection of information and means of communication. The
current Internet infrastructure involves millions of
computers linked together on a computer network. This
network allows all of the computers to communicate with one
another. Clients are typically linked to the Internet via
Internet Service Providers (ISP's), which in turn connect
to larger ISP's. This allows numerous clients to
communicate to each other through their various
connections.

In general, all the machines on the Internet can be
categorized into two types: servers and clients.
Typically, machines that provide services (like Web
servers, FTP servers, Email servers, etc.) are servers.
Servers are loaded with the appropriate software in order
to allow them to perform their intended services. Machines
that request information from servers are typically called
clients. In order to differentiate between machines on the
network, each machine is given a unique address called an
IP address.

The IP address is a thirty-two bit number that is
normally expressed as 4 octets in a dotted decimal number
(e.g., 192.168.1.101). Each of the octets can have values
between 0 and 255 (2^8 possibilities per octet). When a
client connects to the Internet, the client is assigned an
IP address through their Internet Service Provider (ISP)
for the duration of the connection. Conversely, the IP
addresses of servers are relatively static, and do not
change very often.

Because it is difficult for clients to remember IP
addresses, and because IP addresses need to change, most
servers on the Internet possess domain names (e.g.,
"www.whoknowz.com") to help users reach their intended
servers without remembering strings of numbers. Name
servers, used in the domain name system (DNS), map the
human-readable names into IP addresses to help clients
reach their destinations. When a client enters a domain
name, the browser (via a resolver) extracts the domain name
and passes it to a name server, which will return the
correct IP address to the associated site. The Domain Name
System is comprised of a distributed database and name
servers that access that database.

One of the main problems with the current utilization
of IP addresses and domain names on the World Wide Web
(WWW) is that the WWW is based largely on the hypertext
transport protocol ("HTTP-protocol"). The nature of
HTTP-protocol allows information, such as a client's e-mail
address, web sites that were visited, and information on
the client's software and host computer, to be recorded and
traced by the server. This opens up the user to a range of
privacy threats including unwanted e-mails, solicitations,
and "cookies" (data that is stored on the client's machine
by a server and subsequently used for identification).
Furthermore, clients that wish to cloak themselves from
such intrusions are forced into systems that simply provide
alternate account identities for the client; while the
client is protected, the alternate account identity becomes
the object of the unwanted e-mails, "cookies", etc.
instead. The effect of this is similar to the client
manually creating a new user account in which to browse the
WWW.

One of the solutions available is to route the client
through a proxy server in order to substitute IP
information being sent by the client. When a client
desires to visit a web server, the packets sent from
the client's computer are routed through a proxy server. At
the proxy server, the server executes algorithms to extract
information that would identify the client, and replaces
the information with predetermined substitutes.
Afterwards, the proxy server routes the packet out to the
web server. Once the web server receives the packet, all
of the information points back to the proxy server, and not
to the client. This in effect "hides" the client from the
web server.

However, a drawback to such systems is that, as
mentioned before, the client is obtaining protection merely
through the use of an alternate identity that is ultimately
assigned back to the same client. Furthermore, current
systems do not have any added flexibility designed in the
system to take advantage of anonymous client group browsing
or multiple group association. In order to fully take
advantage of ad hoc identity browsing, additional features
need to be added in order to create a "community-like"
environment among numerous anonymous clients.

SUMMARY OF THE INVENTION

To address the above-discussed deficiencies in
existing systems, the present invention involves the use of
three algorithms, known collectively as DNS Misdirection
and individually as the deceiver, the controller, and the
forwarder. The deceiver communicates with clients and with
the controller. The deceiver provides name resolution for
clients. The routine works the same as a standard name
server, except when a query is received from a client, the
deceiver allows the controller to supply the information.
The controller communicates with the deceiver and the
forwarder. The controller determines the address, "time to
live" (TTL), and other DNS result fields and returns them
to the deceiver. The controller is queried by the
forwarder for the site address that the client intended to
reach.

One advantage of the invention deals with isolating
client activity on the Internet. Another important feature
of the invention is that the DNS Misdirection system allows
for the creation of virtual namespaces. Through these
namespaces, the isolated clients can anonymously browse the
Internet while being part of a virtual community. By
utilizing virtual namespaces and generated root domain
names (e.g., "carlover", "winetaster", "stockpicker"), the
community activities would be inaccessible to all but
intended clients. Furthermore, since virtual namespaces
would create a domain through which clients could identify
themselves and communicate through, network administrators
could establish ad hoc software applications as well as
domain-specific identifiers that could be assigned to a
user or groups of users.

BRIEF DESCRIPTION OF THE DRAWINGS

The following drawings illustrate certain embodiments of
the present invention.

FIG. 1 schematically shows the system architecture of
an exemplary network on which one embodiment of the
invention may be implemented.

FIG. 2 illustrates the packet contents as they are
routed through the network.

FIG. 3 generally provides a flowchart representation
of a client sending a packet to be resolved, and the
subsequent misdirection of the client to a destination
website via the present invention.

FIG. 4 generally provides a flowchart representation
when the website server responds back to the client through
the invention.

DETAILED DESCRIPTION

FIG. 1 illustrates an embodiment of the system
architecture that contains at least one client (101). This
client consists of a personal computer, which contains an
interface to a computer network, such as a modem, network
interface card, etc. The client (101) may also be
generalized as any client application. Loaded in the
client computer (101) are an Internet browser and a
resolver (not shown). When the client (101) wishes to
connect to a site on the Internet, the client (101) will
typically enter a destination site domain name into the
computer's Internet browser (e.g., "www.whoknowz.com"). In
FIG. 1, the destination site is a web server (108). The
Internet browser will typically be connected through an ISP
(not shown). The domain name can be embedded in a URL (via
hyperlink), or can be explicitly entered by the client.

If the client (101) is to reach the web server (108),
the client needs to obtain the web server's (108) IP
address, shown in FIG. 1 (all of the hypothetically
disclosed IP addresses in the invention are shown in the
figure). With the architecture used in existing systems,
the IP address must be resolved into a 32 bit (IPv4) / 128
bit (IPv6) IP address. Normally, the ISP will furnish the
clients with a DNS (105), which is accessed through the
client's resolver. The resolver is typically predisposed
with two IP addresses, which represent the primary and
secondary name servers that may be accessed. The name of
the server may be entered manually, or may be provided by
using Dynamic Host Configuration Protocol (DHCP). The
process of resolving domain names, and the operation of DNS
servers is addressed further in detail in RFC 1034 ("Domain
Names - Concepts and Facilities" - last update: November
17, 1999), and RFC 1035 ("Domain Names - Implementation and
Specification" - last update: November 17, 1999).

Under the current invention, when an unresolved packet
is sent from client (101), the packet is processed through
the deceiver (104). A more detailed representation of the
packet, as well as exemplary port connections, is shown in
FIG. 2. It should be pointed out that the term "packet"
may mean an IP packet, a UDP datagram, or other
transmitted data. When the packet (1) is transmitted, the
packet will be transparently addressed to the deceiver
(104). Upon receipt of the packet, the deceiver (104) will
recognize the source of the packet (1) through the IP
source address, shown in FIG. 2. The fields in which the
IP source and destination addresses function are described
in greater detail in RFC 791 ("DARPA Internet Program
Protocol Specification"). By parsing the data field
through the controller (106), the deceiver will determine
the intended domain name that the client (101) wants to
reach.

From this point, the deceiver (104) queries the
controller (106) to initiate a name resolution. The
controller (106) then sends the packet (2) where the IP
destination address of the DNS (105) is now placed in the
packet (2), and is transmitted onward. In the meantime,
the controller (106) stores the client's (101) IP location,
and determines a name-to-IP address time-to-live (TTL).
The TTL is the time period in which the client (101) may
assume a valid name-to-IP address. The TTL of the
name-to-IP address may be established through the use of
cache, or any other suitable memory available. Typically,
the TTL field is a 32 bit integer that represents units of
seconds, and is primarily used by resolvers when they cache
network resource records. The TTL describes how long a
resource record can be cached before it should be discarded.
The TTL may be assigned by the administrator for the zone
where the data originates. Under the present invention, once
the TTL expires, the client must perform another query in
order to establish a connection with an IP address.

Upon receipt of the packet (2), the controller (106)
determines the source of the packet, and subsequently
proceeds to process the domain name resolution request, and
queries the DNS name server (105) in packet (3) to obtain
the website server (108) IP address. When the destination
website IP address is resolved in the DNS (105), it is
transmitted back to the controller (106) in packet (4).
When the controller (106) obtains the IP address of the
destination website server (108), the controller (106) then
proceeds to establish connection with a forwarder (107)
through which to communicate. Once connected, the
controller (106) then records the IP address of the
forwarder (107). The forwarder's (107) address is then
used by the controller (106) to create a valid session for
the client (101), by correlating the forwarder address
with the TTL of the client (101) and the destination
website server (108). As long as the client's
name-to-IP-address has not expired (i.e., the TTL has not
run out), the controller (107) will associate the established
forwarder (107) with the session. After connecting with a
forwarder (107), the controller (106) then proceeds to
store the client (101) IP address, the destination website
(108) IP address, the IP address of the forwarder (107),
and the determined TTL. The stored elements (200) are
disclosed in FIG. 1.

After storing the pertinent information, the
controller (106) then returns the forwarder (107) IP
address back to the deceiver (104) via packet (5). The
contents of packet (5) are shown in FIG. 2. After the
packet (5) is routed through the deceiver (104), the packet
(6) is then transmitted to the client (101), along with
the TTL. Upon receipt of the packet (6), the client will
be "deceived" into thinking that the forwarder (107) IP
address is actually the destination website server (108).
At this point, any communication between the client (101)
and the website server (108) will be taking place in a
virtual domain, since both the client (101) and the website
server (108) do not technically exist to each other - the
client is isolated from the destination sites of his or her
data packets, and the destination sites are isolated from
the clients that are accessing the site.

One advantage of this configuration is that the
virtual namespaces allow system administrators and clients
to create a virtually endless string of identities for
clients and their target website server(s). For example, a
virtual namespace may be set up as ".bank", thus
identifying a bank classification. If a client wishes to
visit a server that is known to be related to banks, the
client could type "wellsfargo.bank" and be routed to
"wellsfargo.com" via the system described in FIG. 1.
Alternately, a client could enter "*.bank" and receive an
HTML page with all registered entries. Furthermore, the
client could customize the identification used on the
Internet (e.g., "wellsfargo.doug"). Names could be created
ad hoc or could be associated with groupware (e.g.,
"mother.birthday.card"; "smith.family.reunion.newyork").
The variations are virtually endless.

Some of the implementations of the virtual namespaces
and underlying domains include, but are not limited to:

(1) creating unique environments for marketing,
    branding, advertising and promotion purposes;

(2) allowing for personalized Web identities for
    individuals, corporations, organizations, etc.;

(3) providing anonymous browsing, searching and
    e-mailing;

(4) creating environments for users to establish
    groups for collaborative communication or
    application purposes;

(5) cataloguing domain names under intuitive
    categories or functions (e.g. "bestbuy.shop",
    "amazon.shop", etc.);

(6) creating a search index which allows the
    user(s) to locate all members of a specific
    category and identifying distinct products,
    goods, services, content, or information
    provided by any member of any category and/or
    identification.

(7) creating directories that contain telephone,
    Internet, fax, wireless, page, cellular,
    e-mail, instant messaging and/or similar data
    under one or more human readable formats
    addressable by a communication device.

When the client makes a transmission to the website
server (108), the packet (7) is now routed to the
forwarder (107). The client (101) will typically connect
to the forwarder (107) through a well-known port. After
receiving the packet from the client (101), the forwarder
(107) proceeds to query the controller (106) (shown as
packet (8)) to determine: (1) whether the client (101) is
valid; (2) if the TTL has not expired; and (3) if the IP
address of the website server (108) that the client wishes
to connect to is valid. If everything is confirmed, the
controller (106) then sends back the relevant information
via packet (9). The forwarder (107) then extracts the
needed information including the website server (108) IP
address, and forwards the packet on to its intended
destination.

It should be understood that the deceiver (104), the
controller (106), and the forwarder (107) are applications.
The website server (108) may be generalized as any server
application. Furthermore, the deceiver (104), the
controller (106), and the forwarder (107) can all be on a
single computer, or separate computers. Also, the deceiver
(104) and the controller (105) can be on the client's
computer.

FIG. 3-4 represent a flowchart representation of the
invention as previously disclosed in FIG. 1-2. In step
(401), the client configures software/hardware on the
client computer, and establishes a session by signing on or
logging into a network for a predetermined time (402).
When the client wishes to transmit data onto the network,
or otherwise communicate with other computers or servers,
one option available for the client is to query the
resolver in order to retrieve an intended destination site
(403). In (403), the resolver query is routed to the
deceiver. After receiving the contents of the resolver,
the deceiver then forwards the query to the controller in
(404).

When the controller receives the query packet, the
controller next records the location of the client,
determines the TTL for the client session, and further
queries a DNS name server, and receives back the IP address
of the website which the client wishes to contact (405).
In (406), the controller then establishes contact with an
available forwarder through which the client session may be
transmitted, and subsequently records the IP
address. While it is not displayed in the flowchart, if
the controller determines that: (1) a TTL has expired; (2)
an invalid client is sending the query; (3) a valid
forwarder is unavailable; or (4) a desired website
destination is invalid, or any combination thereof, the
controller aborts the remainder of the process and
transmits the appropriate message or subroutine to the
client. If everything is determined to be valid, then the
controller proceeds to store into memory the client's IP
address, the destination website IP address, the forwarder
IP address, and the TTL (407).

In step (408), the controller sends back to the
deceiver the forwarder IP address, that is masquerading as
the destination website IP address. The deceiver in turn
sends the data back to the client (409), where the client
then connects with the forwarder through a known port. The
forwarder next queries the controller to determine the
validity of the client, the status of the TTL, and the IP
address of the website which the client is trying to reach
(410). Just like the controller, if the forwarder
determines at this point that: (1) a TTL has expired; (2)
an invalid client is sending the query; or (3) a desired
website destination is invalid, or any combination
thereof, the forwarder aborts the remainder of the process,
and transmits the appropriate message or subroutine back to
the client (411). If everything is determined to be valid,
the forwarder will proceed to transmit the client's data to
the destination website server (412).

Once the destination website receives the data from
the client, the server will only recognize the forwarder as
the source, and thus would only communicate back to the
client via the forwarder. Accordingly, if the website
server requires to communicate back to the client, the data
is routed through the forwarder (413). When data is
received by the forwarder, the forwarder, in principle,
reverses the process disclosed in (410) to determine the
source client which is intended to receive the website
server's data (414). The data may be of any kind
including, but not limited to, text, programs, applets,
video, audio, etc. Once the forwarder determines the
client's proper IP address, the forwarder then transmits
the reply data back to the client (415).
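
The controller's bookkeeping in steps (404) through (412) can be modelled directly. The Python sketch below is an added illustration, not code from the patent text: the class and function names, the allow-list of valid clients, the choice to key sessions by (client IP, forwarder IP), and every sample name and address are assumptions made for the example.

```python
import time
from dataclasses import dataclass


class Rejected(Exception):
    """The controller or forwarder aborted, as the text describes for invalid queries."""


@dataclass
class Session:
    client_ip: str
    destination_ip: str
    forwarder_ip: str
    expires_at: float  # clock value at which the TTL handed to the client runs out


class Controller:
    """Keeps the four stored elements: client IP, destination IP, forwarder IP, TTL."""

    def __init__(self, dns, forwarders, clients, ttl=30, clock=time.monotonic):
        self.dns = dns                # name -> IP; stands in for the DNS server (105)
        self.forwarders = forwarders  # forwarder (107) addresses that can be handed out
        self.clients = clients        # assumption: valid clients are an allow-list of IPs
        self.ttl = ttl                # seconds
        self.clock = clock
        self.sessions = {}            # assumption: keyed by (client_ip, forwarder_ip)

    def _live(self, key):
        session = self.sessions.get(key)
        if session is not None and self.clock() >= session.expires_at:
            del self.sessions[key]    # TTL ran out: the client must query again
            return None
        return session

    def resolve(self, client_ip, name):
        """Deceiver's query (404-408): answer with a forwarder IP, not the real one."""
        if client_ip not in self.clients:
            raise Rejected("invalid client")
        destination = self.dns.get(name.rstrip(".").lower())
        if destination is None:
            raise Rejected("invalid destination")
        for forwarder_ip in self.forwarders:
            key = (client_ip, forwarder_ip)
            live = self._live(key)
            # The forwarder only sees the client's source IP, so one (client,
            # forwarder) pair can map to a single destination at a time.
            if live is None or live.destination_ip == destination:
                expires = self.clock() + self.ttl
                self.sessions[key] = Session(client_ip, destination, forwarder_ip, expires)
                return forwarder_ip, self.ttl
        raise Rejected("no forwarder available")

    def validate(self, client_ip, forwarder_ip):
        """Forwarder's query (410): return the real destination or abort (411)."""
        session = self._live((client_ip, forwarder_ip))
        if session is None:
            raise Rejected("unknown client or TTL expired")
        return session.destination_ip


def forward(controller, forwarder_ip, packet):
    """Step 412: re-address the packet so the website sees only the forwarder."""
    destination = controller.validate(packet["src"], forwarder_ip)
    return {"src": forwarder_ip, "dst": destination, "data": packet["data"]}


def outcome(call):
    """Run one step and report a rejection as text instead of raising."""
    try:
        return call()
    except Rejected as exc:
        return f"rejected: {exc}"


def demo():
    # Every name and address below is a constructed sample value.
    now = [0.0]  # manually advanced clock, so TTL expiry is shown without sleeping
    client, stranger = "192.0.2.10", "192.0.2.99"
    ctl = Controller(
        dns={"www.example.com": "203.0.113.80", "mail.example.com": "203.0.113.25"},
        forwarders=["198.51.100.7"], clients={client}, ttl=30, clock=lambda: now[0],
    )
    results = {}
    results["answer"] = ctl.resolve(client, "www.example.com")
    fwd, ttl = results["answer"]
    request = {"src": client, "dst": fwd, "data": "GET /"}
    results["forwarded"] = forward(ctl, fwd, request)
    results["stranger"] = outcome(lambda: forward(ctl, fwd, {**request, "src": stranger}))
    results["second_name"] = outcome(lambda: ctl.resolve(client, "mail.example.com"))
    now[0] += ttl  # the TTL returned with the answer has now elapsed
    results["after_ttl"] = outcome(lambda: forward(ctl, fwd, request))
    results["reresolve"] = outcome(lambda: ctl.resolve(client, "mail.example.com"))
    return results


if __name__ == "__main__":
    for step, value in demo().items():
        print(f"{step:12} {value}")
```

Because the forwarder in this model identifies a client only by source address, a second name resolved while the first session is still live needs a second forwarder. With a single forwarder the controller rejects the request, which corresponds to the "valid forwarder is unavailable" abort in the description.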

Although the present invention has been described in
detail, it is to be understood that various changes,
alterations, and substitutions can be made without
departing from the spirit and scope of the invention. More
particularly, it should be apparent to those skilled in the
pertinent art that the above described invention is
algorithmic and is executable by a suitable conventional
computer system or network. Alternate embodiments of the
present invention may also be suitably implemented, at
least in part, in firmware or hardware, or some suitable
combination.

CLAIMS

We claim:

1. A method, comprising:

(a) transmitting a packet from at least one client to
a deceiver;

(b) transmitting the packet from the deceiver to a
controller;

(c) routing the packet from the controller to a first
server to resolve the packet;

(d) receiving the resolved packet from the first
server back to the controller;

(e) establishing a connection between the controller
and a forwarder;

(f) processing the resolved packet and storing data
from the packet in the controller;

(g) routing the packet back through the client to the
forwarder;

(h) further processing the packet in the forwarder,
where the packet is then transmitted to a second
server.

2. The method according to claim 1, wherein the packet
sent from the client contains a request for a domain
name resolution.

3. The method according to claim 2, wherein the packet
sent from the client is forwarded through the deceiver
to the controller, where said controller subsequently
queries a domain name server.

4. The method according to claim 3, wherein the domain
name server resolves the client request, and returns
the resolved packet back to the controller.

5. The method according to claim 1, wherein the packet
from the client computer includes a request to resolve
an IP address of a website server that the client is
intending to reach.

6. The method according to claim 5, wherein the
controller stores an IP address that represents the
origin of a client.

7. The method according to claim 5, wherein the
controller stores an IP address of the website server
that the client is intending to reach.

8. The method according to claim 5, wherein the
controller stores an IP address that represents the
location of the forwarder.

9. The method according to claim 5, wherein the
controller stores a time-to-live function for a
session.

10. The method according to claim 5, wherein the
processing of the resolved packet includes
interchanging the IP address of the website server
with the IP address of the forwarder.

11. The method according to claim 5, wherein the
processing of the resolved packet in the forwarder
includes said forwarder querying the controller to
determine the destination IP.

12. The method according to claim 5, wherein the
processing of the resolved packet in the forwarder
includes said forwarder querying the controller to
determine the client IP, the deceiver IP and a
time-to-live to establish validity of client request.



13. A computer system comprising:

(a) a deceiver connected to at least one client to
receive/send data, whereby the deceiver
misdirects data received from the client back to
said client;

(b) a forwarder connected to the client and a
destination website;

(c) a controller in communication with the deceiver,
the forwarder, and a server.

14. A computer system according to claim 13, wherein the
controller receives data from the deceiver containing
destination instruction.

15. A computer system according to claim 14, wherein the
destination instruction is an IP address of a website
that the client is intending to communicate with.

16. A computer system according to claim 13, wherein the
deceiver forwards a destination instruction to the
controller, and the controller transmits the
instruction to the server.

17. A computer system according to claim 16, wherein the
server returns the destination instruction back to the
controller.

18. A computer system according to claim 17, wherein the
controller extracts and replaces the destination
instruction with a misdirected destination
instruction.

19. A computer system according to claim 18, wherein the
controller stores the destination instruction.

20. A computer system according to claim 19, wherein the
controller transmits the misdirected destination
instruction to the deceiver.

21. A computer system according to claim 20, wherein the
misdirected destination instruction identifies the
forwarder as a destination.

22. A computer system according to claim 21 wherein the
deceiver forwards the misdirected destination
instruction through the client to the forwarder.

23. A computer system according to claim 22 wherein the
forwarder validates the misdirected destination
instruction via the controller.

24. A computer system according to claim 23 wherein the
forwarder executes the validated misdirected
destination instruction to the destination website.

25. A method for communicating through virtual namespaces
comprising:

(a) assigning an ad hoc domain to at least one client
with a controller via a deceiver;

(b) misdirecting client destination instructions
through the controller and deceiver;

(c) validating the misdirected IP queries through a
forwarder, wherein the forwarder, controller and
deceiver function as the client's domain for the
virtual namespace.



26. The method according to claim 25 wherein the ad hoc 
domain exists for a predetermined period of time. 

27. The method according to claim 25 wherein the 
controller and deceiver misdirect client destination 
instruction back to the client. 

28. The method according to claim 27 wherein data in the 
client destination instruction is recorded and stored 
in the controller. 

29. The method according to claim 27 wherein the 
controller establishes communication with a forwarder 
through which said misdirected client destination 
instruction is to be routed through. 

30. The method according to claim 29 wherein the deceiver
communicates the output of the controller to the
client.

31. The method according to claim 29 wherein the forwarder
validates the misdirected client destination
instruction through the controller.

32. A computer program article of manufacture comprising:

(a) a computer readable medium;

(b) program means in said computer readable medium
for communicating with at least one client;

(c) program means in said computer readable medium
for misdirecting client IP queries;

(d) program means in said computer readable medium
for validating the misdirected client IP queries
and communicating data contained in said IP
queries to a destination website;

(e) program means in said computer readable medium
for re-validating data sent from said destination
website that is intended for the client.

33. A method for misdirecting destination instructions,
comprising:

(a) receiving a destination instruction from at least
one client;

(b) processing and storing the destination
instruction;

(c) establishing a misdirection destination for said
destination instruction;

(d) transparently transmitting the misdirection
destination back to the client.

34. The method according to claim 33, wherein the
destination instruction is received by a deceiver;

35. The method according to claim 34, wherein the
destination instruction is forwarded to a controller;

36. The method according to claim 35, wherein the
destination instruction is resolved and processed in
the controller.

37. The method according to claim 36, wherein the
controller establishes a misdirection destination by
communicating to a forwarder.

38. The method according to claim 37, wherein the
misdirection destination is the forwarder.

39. The method according to claim 33, wherein the client
further transmits data relating to the destination
instruction using the misdirected destination
instruction.

40. A computer system comprising:

(a) a processing system connected to at least one
client;

(b) a deceiver communicating with the processing
system;

(c) a forwarder communicating with the processing
system;

(d) a controller communicating with the deceiver and
the forwarder, wherein said controller, deceiver
and forwarder define a domain through which the
client communicates to a network.

41. A computer system according to claim 40, wherein the
deceiver and controller define a first part of the
domain by directing client activity to a predetermined
destination established by the deceiver.

42. A computer system according to claim 41 wherein the
predetermined destination is transparently substituted
for a client's intended destination.

43. A computer system according to claim 41, wherein the
forwarder defines a second part of the domain by
validating the predetermined destination established
by the deceiver and controller.

44. A computer system according to claim 40 wherein said
at least one client and a network transmit data to
each other through the domain.

ABSTRACT

The present invention is an apparatus, system and
method for communicating to a network through an ad hoc
virtual domain. The present invention contains a deceiver,
a controller, and a forwarder through which a client
communicates through. The deceiver, controller, and
forwarder collectively establish the domain in which the ad
hoc virtual namespace will exist. This invention allows
clients to interact over a network in a fashion that is
anonymous and unique to the session which the client is
engaging in. 
Figure 3 

401. Configure client (101) browser and related applications 
402. Client (101) logs in to start a session for a predetermined time 
403. Resolver is queried by client (101) to resolve domain name and routes packet to Deceiver (104) 
404. Deceiver (104) forwards query to Controller (106) 
405. Controller (104) queries DNS (105) for IP of website server (108), establishes client (101) location and determines a TTL 
406. Controller (104) establishes contact with a valid Forwarder (107) 
407. Deceiver (104) stores to the Controller (106): 
     (1) The client's IP 
     (2) The destination website IP 
     (3) The Forwarder IP 
     (4) The TTL value 
408. Deceiver (104) returns to the Client (101) the Forwarder (107) IP as the destination website (108) IP 
409. The Client (101) forwards the data to the Forwarder (107) through a known port 
410. The Forwarder (107) queries the Controller (106) to determine: (1) validity of Client (101), (2) the destination website (108) IP and (3) if TTL has expired 
411. If query is not valid, or if TTL has expired, Forwarder (107) aborts communication 
412. If query is valid, Forwarder (107) communicates with destination website (108), using the Forwarder's (107) IP as the source 

Figure 4 

413. Reply data from the destination website (108) are routed through the Forwarder (107) 
414. The Forwarder determines the Client's (101) IP from previous query in (408) 
415. The Forwarder (107) forwards back reply data from destination website (108) to the Client (101) 
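The flow in Figures 3 and 4 (steps 401-415) can be modelled as a small session table, shown here as an added sketch that is not part of the patent text. The class and function names, the dictionary packet format, the single-Forwarder setup and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:                      # the four values stored in step 407
    client_ip: str
    dest_ip: str
    forwarder_ip: str
    expires_at: float               # TTL kept as an absolute deadline

class Controller:
    def __init__(self, dns, forwarder_ip, ttl):
        self.dns = dns              # name -> real IP, stands in for DNS (105)
        self.forwarder_ip, self.ttl, self.sessions = forwarder_ip, ttl, {}

    def plan(self, name, now):
        # Steps 405-406: real address, a valid Forwarder, a TTL deadline.
        return self.dns[name], self.forwarder_ip, now + self.ttl

    def store(self, s):
        # Simplification: one destination per (client, Forwarder) pair.
        self.sessions[(s.client_ip, s.forwarder_ip)] = s

    def validate(self, client_ip, forwarder_ip, now):
        # Step 410: an unknown client and an expired TTL both fail closed.
        s = self.sessions.get((client_ip, forwarder_ip))
        if s is None or now >= s.expires_at:
            self.sessions.pop((client_ip, forwarder_ip), None)
            return None
        return s

def deceiver_resolve(ctl, client_ip, name, now):
    # Steps 404-408: the answer is the Forwarder IP, never the real one.
    dest_ip, fwd_ip, deadline = ctl.plan(name, now)
    ctl.store(Session(client_ip, dest_ip, fwd_ip, deadline))
    return fwd_ip

def forwarder_relay(ctl, fwd_ip, client_ip, payload, origin, now):
    s = ctl.validate(client_ip, fwd_ip, now)
    if s is None:
        return None                 # step 411: abort communication
    # Step 412: the website sees the Forwarder as the source.
    reply = origin({"src": fwd_ip, "dst": s.dest_ip, "data": payload})
    # Steps 413-415: the stored record says where the reply goes.
    return {"src": fwd_ip, "dst": s.client_ip, "data": reply}

# Constructed sample values (documentation address ranges).
CLIENT, REAL, FWD = "192.0.2.10", "203.0.113.80", "198.51.100.7"

def demo():
    seen = []                       # packets as the website receives them
    def origin(pkt):                # stand-in for the website (108)
        seen.append(pkt)
        return "ok"
    ctl = Controller({"www.example.com": REAL}, FWD, ttl=30)
    answer = deceiver_resolve(ctl, CLIENT, "www.example.com", now=0)
    fresh = forwarder_relay(ctl, FWD, CLIENT, "GET /", origin, now=10)
    stranger = forwarder_relay(ctl, FWD, "192.0.2.99", "GET /", origin, now=10)
    expired = forwarder_relay(ctl, FWD, CLIENT, "GET /", origin, now=31)
    return answer, fresh, stranger, expired, seen
```

The Controller's table is the only place where the client address and the real destination appear together, so its records and their expiry are what an operator or auditor of such a system would need to protect and log.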



Docket No. 3835-4001 



COMBINED DECLARATION AND POWER OF ATTORNEY FOR 
ORIGINAL, DESIGN, NATIONAL STAGE OF PCT, SUPPLEMENTAL, 
DIVISIONAL, CONTINUATION OR CONTINUATION-IN-PART APPLICATION 



As a below named inventor, I hereby declare that: 

My residence, post office address and citizenship are as stated below next to my name, 

I believe I am the original, first and sole inventor (if only one name is listed below) or an original, first and joint 
inventor (if plural names are listed below) of the subject matter which is claimed and for which a patent is sought on 
the invention entitled: 

APPARATUS, SYSTEM, AND METHOD FOR COMMUNICATING TO A NETWORK THROUGH A 
VIRTUAL DOMAIN 

the specification of which 

a. ^ is attached hereto 

b. □ was filed on as application Serial No. and was amended on 

. (if applicable). 

PCT FILED APPLICATION ENTERING NATIONAL STAGE 

c. □ was described and claimed in International Application No. filed on and as amended 

on . (if any). 

I hereby state that I have reviewed and understand the contents of the above-identified specification, including the 
claims, as amended by any amendment referred to above. 

I acknowledge the duty to disclose information which is material to patentability as defined in 37 C.F.R. § 1.56. 

I hereby specify the following as the correspondence address to which all communications about this application are 
to be directed: 

SEND CORRESPONDENCE TO: 

MORGAN & FINNEGAN, L.L.P. 
345 Park Avenue 
New York, N.Y. 10154 

DIRECT TELEPHONE CALLS TO: 202-857-7887 



□ I hereby claim foreign priority benefits under Title 35, United States Code § 119(a)-(d) or under § 365(b) 
of any foreign application(s) for patent or inventor's certificate or under § 365(a) of any PCT international 
application(s) designating at least one country other than the U.S. listed below and also have identified 
below such foreign application(s) for patent or inventor's certificate or such PCT international 
application(s) filed by me on the same subject matter having a filing date within twelve (12) months before 
that of the application on which priority is claimed: 
□ The attached 35 U.S.C. § 119 claim for priority for the application(s) listed below forms a part of this 
declaration. 



Country/PCT    Application Number    Date of filing (day, month, yr)    Date of issue (day, month, yr)    Priority Claimed (Y/N) 



□ I hereby claim the benefit under 35 U.S.C. § 119(e) of any U.S. provisional application(s) listed below. 
Provisional Application No. Date of filing (day, month, yr) 



ADDITIONAL STATEMENTS FOR DIVISIONAL, CONTINUATION OR CONTINUATION-IN-PART 
OR PCT INTERNATIONAL APPLICATIONS DESIGNATING THE U.S.) 

I hereby claim the benefit under Title 35, United States Code § 120 of any United States application(s) or under § 
365(c) of any PCT international application(s) designating the U.S. listed below. 



US/PCT Application Serial No.    Filing Date    Status (patented, pending, abandoned)/U.S. application no. assigned (For PCT) 

US/PCT Application Serial No.    Filing Date    Status (patented, pending, abandoned)/U.S. application no. assigned (For PCT) 

□ In this continuation-in-part application, insofar as the subject matter of any of the claims of this 
application is not disclosed in the above listed prior United States or PCT international application(s) in the 
manner provided by the first paragraph of Title 35, United States Code, § 112, I acknowledge the duty to 
disclose material information as defined in Title 37, Code of Federal Regulations, § 1.56(a) which occurred 
between the filing date of the prior application(s) and the national or PCT international filing date of this 
application. 

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge that 
willful false statements and the like so made are punishable by fine or imprisonment, or both, under Section 1001 of 
Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the 
application or any patent issued thereon. 
I hereby appoint the following attorneys and/or agents with full power of substitution and revocation, to prosecute 
this application, to receive the patent, and to transact all business in the Patent and Trademark Office connected 
therewith: John A. Diaz (Reg. No. 19,550), John C. Vassil (Reg. No. 19,098), Alfred P. Ewert (Reg. No. 19,887), 
David H. Pfeffer (Reg. No. 19,825), Harry C. Marcus (Reg. No. 22,390), Robert E. Paulson (Reg. No. 21,046), 
Stephen R. Smith (Reg. No. 22,615), Kurt E. Richter (Reg. No. 24,052), J. Robert Dailey (Reg. No. 27,434), 
Eugene Moroz (Reg. No. 25,237), John F. Sweeney (Reg. No. 27,471), Arnold I. Rady (Reg. No. 26,601), 
Christopher A. Hughes (Reg. No. 26,914), William S. Feiler (Reg. No. 26,728), Joseph A. Calvaruso (Reg. No. 
28,287), James W. Gould (Reg. No. 28,859), Richard C. Komson (Reg. No. 27,913), Israel Blum (Reg. No. 
26,710), Bartholomew Yerdirame (Reg. No. 28,483), Maria C.H. Lin (Reg. No. 29,323), Joseph A. DeGirolamo 
(Reg. No. 28,595), Michael P. Dougherty (Reg. No. 32,730), Seth J. Atlas (Reg. No. 32,454), Andrew M. Riddles 
(Reg. No. 31,657), Bruce D. DeRenzi (Reg. No. 33,676), Michael M. Murray (Reg. No. 32,537), Mark J. Abate 
(Reg. No. 32,527), Alfred L. Haffner, Jr. (Reg. No. 18,919), Harold Haidt (Reg. No. 17,509), John T. Gallagher 
(Reg. No. 35,516), Steven F. Meyer (Reg. No. 35,613) and Kenneth H. Sonnenfeld (Reg. No. 33,285), Tony V. 
Pezzano (Reg. No. 38,271), Andrea L. Wayda (Reg. 43,979) and Walter G. Hanchuk (Reg. No. 35,179) of Morgan 
& Finnegan, L.L.P. whose address is: 345 Park Avenue, New York, New York, 10154; and Michael S. Marcus 
(Reg. No. 31,727) and John E. Hoel (Reg. No. 26,279) of Morgan & Finnegan, L.L.P., whose address is 1775 Eye 
Street, Suite 400, Washington, D.C. 20006. 

□ I hereby authorize the U.S. attorneys and/or agents named hereinabove to accept and follow instructions 
from as to any action to be taken in the U.S. Patent and Trademark Office regarding this application 
without direct communication between the U.S. attorneys and/or agents and me. In the event of a change 
in the person(s) from whom instructions may be taken I will so notify the U.S. attorneys and/or agents 
named hereinabove. 



Full name of sole or first inventor Douglas A. Campbell 

Inventor's signature* 

date 

Residence: 1402 Red Sunset Ave., Henderson, NV 89014 
Citizenship: United States 

Post Office Address: 1402 Red Sunset Ave., Henderson, NV 89014 



Full name of second inventor Alan B. Hamor 

Inventor's signature* 

date 

Residence: 22 Meadow Lane, Pennington, NJ 08534 
Citizenship: United States 

Post Office Address: 22 Meadow Lane, Pennington, NJ 08534 



ATTACHED IS ADDED PAGE TO COMBINED DECLARATION AND POWER OF ATTORNEY 
FOR SIGNATURE BY THIRD AND SUBSEQUENT INVENTORS FORM. 
Full name of third inventor Mike D. Helton 

Inventor's signature* 

date 

Residence: 3360 Paso Andres, Las Vegas, NV 89146 
Citizenship: United States 

Post Office Address: 3360 Paso Andres, Las Vegas, NV 89146 
* Before signing this declaration, each person signing must: 

1. Review the declaration and verify the correctness of all information therein; and 

2. Review the specification and the claims, including any amendments made to the claims. 

After the declaration is signed, the specification and claims are not to be altered. 



To the inventor(s): 

The following are cited in or pertinent to the declaration attached to the accompanying application: 
Title 37, Code of Federal Regulation, §1.56 
Duty to disclose information material to patentability 

(a) A patent by its very nature is affected with a public interest. The public interest is best served, and the 
most effective patent examination occurs when, at the time an application is being examined, the Office is 
aware of and evaluates the teachings of all information material to patentability. Each individual 
associated with the filing and prosecution of a patent application has a duty of candor and good faith in 
dealing with the Office, which includes a duty to disclose to the Office all information known to that 
individual to be material to patentability as defined in this section. The duty to disclose information exists 
with respect to each pending claim until the claim is canceled or withdrawn from consideration, or the 
application becomes abandoned. Information material to the patentability of a claim that is canceled or 
withdrawn from consideration need not be submitted if the information is not material to the patentability 
of any claim remaining under consideration in the application. There is no duty to submit information 
which is not material to the patentability of any existing claim. The duty to disclose all information known 
to be material to patentability is deemed to be satisfied if all information known to be material to 
patentability of any claim issued in a patent was cited by the Office or submitted to the Office in the 
manner prescribed by §§1.97(b)-(d) and 1.98. However, no patent will be granted on an application in 
connection with which fraud on the Office was practiced or attempted or the duty of disclosure was 
violated through bad faith or intentional misconduct. The Office encourages applicants to carefully 
examine: 

(1) prior art cited in search reports of a foreign patent office in a counterpart application, and 

(2) the closest information over which individuals associated with the filing or prosecution of a patent 
application believe any pending claim patentably defines, to make sure that any material 
information contained therein is disclosed to the Office. 

Title 35, U.S. Code § 101 

Inventions patentable 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions 
and requirements of this title. 
Title 35 U.S. Code § 102 

Conditions for patentability; novelty and loss of right to patent 
A person shall be entitled to a patent unless -- 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for patent, 

(b) the invention was patented or described in a printed publication in this or foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent 
in the United States, or 



(c) he has abandoned the invention, or 

(d) the invention was first patented or caused to be patented, or was the subject of an inventor's 
certificate, by the applicant or his legal representatives or assigns in a foreign country prior to the 
date of the application for patent in this country on an application for patent or inventor's 
certificate filed more than twelve months before the filing of the application in the United States, 
or 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international 
application by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 
371(c) of this title before the invention thereof by the applicant for patent, or 

(f) he did not himself invent the subject matter sought to be patented, or 

(g) before the applicant's invention thereof the invention was made in this country by another who 
had not abandoned, suppressed, or concealed it. In determining priority of invention there shall 
be considered not only the respective dates of conception and reduction to practice of the 
invention, but also the reasonable diligence of one who was first to conceive and last to reduce to 
practice, from a time prior to conception by the other. 



Title 35, U.S. Code § 103 

Conditions for patentability; non-obvious subject matter 

A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

Subject matter developed by another person, which qualifies as prior art only under subsection (f) or (g) of 
section 102 of this title, shall not preclude patentability under this section where the subject matter and the 
claimed invention were, at the time the invention was made, owned by the same person or subject to an 
obligation of assignment to the same person. 
Title 35, U.S. Code § 112 (in part) 



Specification 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise and exact terms as to enable any person skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth 
the best mode contemplated by the inventor of carrying out his invention. 

Title 35, U.S. Code, § 119 

Benefit of earlier filing date in foreign country; right of priority 

An application for patent for an invention filed in this country by any person who has, or whose legal 
representatives or assigns have, previously regularly filed an application for a patent for the same invention 
in a foreign country which affords similar privileges in the case of applications filed in the United States or 
to citizens of the United States, shall have the same effect as the same application would have if filed in 
this country on the date on which the application for patent for the same invention was first filed in such 
foreign country, if the application in this country is filed within twelve months from the earliest date on 
which such foreign application was filed; but no patent shall be granted on any application for patent for an 
invention which had been patented or described in a printed publication in any country more than one year 
before the date of the actual filing of the application in this country, or which had been in public use or on 
sale in this country more than one year prior to such filing. 

Title 35, U.S. Code, §120 

Benefit of earlier filing date in the United States 

An application for patent for an invention disclosed in the manner provided by the first paragraph of 
section 112 of this title in an application previously filed in the United States, or as provided by section 
363 of this title, which is filed by an inventor or inventors named in the previously filed application shall 
have the same effect, as to such invention, as though filed on the date of the prior application, if filed 
before the patenting or abandonment of or termination of proceedings on the first application or an 
application similarly entitled to the benefit of the filing date of the first application and if it contains or is 
amended to contain a specific reference to the earlier filed application. 

Please read carefully before signing the Declaration attached to the accompanying Application. 

If you have any questions, please contact Morgan & Finnegan, L.L.P. 